package com.zenithmind.coding.config.security;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.stereotype.Component;

/**
 * 默认安全配置策略实现 - 遵循策略模式，提供标准的安全配置
 * 
 * @author ZenithMind Team
 * @since 2025-01-09
 */
@Slf4j
@Component
public class DefaultSecurityConfigurationStrategy implements SecurityConfigurationStrategy {

    @Override
    public void configure(HttpSecurity http, SecurityEndpointRegistry endpointRegistry) throws Exception {
        log.info("应用默认安全配置策略");
        
        http
            // 禁用CSRF保护
            .csrf(AbstractHttpConfigurer::disable)
            // 配置认证和授权规则
            .authorizeHttpRequests(authorize -> {
                // 明确允许API文档相关端点
                String[] authWhitelist = endpointRegistry.getEndpoints(SecurityEndpointRegistry.EndpointType.AUTH_WHITELIST);
                if (authWhitelist.length > 0) {
                    authorize.requestMatchers(authWhitelist).permitAll();
                    log.debug("配置认证白名单端点: {} 个", authWhitelist.length);
                }
                
                // 允许公开端点
                String[] publicEndpoints = endpointRegistry.getEndpoints(SecurityEndpointRegistry.EndpointType.PUBLIC);
                if (publicEndpoints.length > 0) {
                    authorize.requestMatchers(publicEndpoints).permitAll();
                    log.debug("配置公开端点: {} 个", publicEndpoints.length);
                }
                
                // 出题者角色端点
                String[] authorEndpoints = endpointRegistry.getEndpoints(SecurityEndpointRegistry.EndpointType.AUTHOR);
                if (authorEndpoints.length > 0) {
                    authorize.requestMatchers(authorEndpoints).hasAnyRole("AUTHOR", "ADMIN");
                    log.debug("配置出题者端点: {} 个", authorEndpoints.length);
                }
                
                // 管理员角色端点
                String[] adminEndpoints = endpointRegistry.getEndpoints(SecurityEndpointRegistry.EndpointType.ADMIN);
                if (adminEndpoints.length > 0) {
                    authorize.requestMatchers(adminEndpoints).hasRole("ADMIN");
                    log.debug("配置管理员端点: {} 个", adminEndpoints.length);
                }
                
                // 用户角色端点（放在最后，避免覆盖更具体的规则）
                String[] userEndpoints = endpointRegistry.getEndpoints(SecurityEndpointRegistry.EndpointType.USER);
                if (userEndpoints.length > 0) {
                    authorize.requestMatchers(userEndpoints).authenticated();
                    log.debug("配置用户端点: {} 个", userEndpoints.length);
                }
                
                // 其他请求需要认证
                authorize.anyRequest().authenticated();
            })
            // 使用无状态会话
            .sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // 禁用OAuth2资源服务器功能
            .oauth2ResourceServer(AbstractHttpConfigurer::disable);
    }

    @Override
    public String getStrategyName() {
        return "DefaultSecurityConfiguration";
    }

    @Override
    public int getPriority() {
        return 100; // 默认优先级
    }
}
